Let’s start with a simple thesis that has already set everyone’s teeth on edge: information technology is constantly evolving. Alongside the obvious advantages that these changes bring, there are a number of equally obvious difficulties. The most relevant of them for us, as information security specialists, is the growing complexity of information security systems.
If once upon a time it was possible to get by with simple access control and encryption of confidential information, now it is hard to figure out right away what to use. Some abbreviations (like IPS, DLP and WAF) are already familiar to many. However, if you dig a little deeper, an unprecedented world of multifunctional protection and marketing systems opens up. Let’s figure out what all these fashionable abbreviations mean and what is behind them.
New systems evolve all the time and try to cover as many tasks as possible, which makes it increasingly difficult to divide them into groups. We will move from “simple” to complex. Our first stop is application protection.
AST – Application Security Testing
Application analysis and testing tools to help you keep an eye on software vulnerabilities. Gartner identifies four main types of ASTs:
- Static AST (SAST) – white box testing. Allows you to find vulnerabilities in source code at an early stage of development.
- Dynamic AST (DAST) – black box testing. Helps to find vulnerabilities and security weaknesses in a running application. Such tools simulate a previously known list of external attacks against an application.
- Interactive AST (IAST) – combines some of the elements of the two previous approaches. Testing occurs in real time while the application is running in a QC or test environment. The code itself is also checked, but after it has been built.
- Mobile AST – identifies and analyzes vulnerabilities in mobile applications during and after development.
SCA – Software Composition Analysis
SCA-class software solutions are designed to automatically detect risks and eliminate vulnerabilities in the code, as well as to control the use of external open-source components.
WAF – Web Application Firewall
Application-layer traffic filtering tools specifically targeted at web applications and most often used to protect off-the-shelf applications. A WAF can be implemented as a cloud service, an agent on a web server, or a dedicated hardware or virtual appliance. The classic WAF placement on the network is in reverse proxy mode, in front of the protected web servers. Other operating modes may be supported depending on the manufacturer, for example transparent proxy, bridging, or even a passive mode in which the product works with a replicated copy of the traffic.
RASP – Runtime Application Self-Protection
This security technology is built into or linked to an application or application runtime and is capable of monitoring its execution and detecting and preventing attacks in real time. Unlike perimeter-based security, RASP can analyze application behavior and the context in which it occurs. There are two modes of operation:
- diagnostics (only alerts about threats);
- self-defense (blocks suspicious instructions).
DAP – Database audit and protection
Systems of this class ensure the security of relational database management systems (DBMS). DAP is an evolution of the basic monitoring capabilities of database activity monitoring (DAM) tools, with additional features such as:
- data discovery and classification;
- threat and vulnerability management;
- analysis at the application level;
- intrusion prevention;
- blocking activity;
- analysis of identity and access management.
DLP – Data Leak Prevention or Data Loss Prevention
Data leakage prevention systems are based on the analysis of data flows crossing the perimeter of the protected information system. When confidential information is detected, an active component of the system is triggered, and the transmission of a message (packet, stream, session) is blocked or a copy of the traffic is saved for post-analysis in case an investigation of a possible leak is conducted.
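The detect, then block or keep a copy flow described above, as an added example (not from the original article or any DLP product): a minimal content inspector that looks for payment card numbers and validates them with the Luhn checksum to cut false positives. The `DlpGateway` class, its mode names and the sample messages are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    """Return the Luhn-valid card numbers found in text, separators removed."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

class DlpGateway:
    """Hypothetical perimeter component: 'block' stops the message,
    'monitor' lets it through but keeps a copy for post-analysis."""
    def __init__(self, mode="block"):
        self.mode = mode
        self.saved_copies = []

    def inspect(self, sender, payload):
        hits = find_cards(payload)
        if not hits:
            return "allow"
        if self.mode == "block":
            return "block"
        # Mask matches in the incident record; the copy itself stays intact.
        masked = ["*" * (len(h) - 4) + h[-4:] for h in hits]
        self.saved_copies.append({"sender": sender, "matches": masked, "copy": payload})
        return "allow-and-copy"

if __name__ == "__main__":
    # Constructed sample messages; 4111... is a well-known test card number.
    gw = DlpGateway(mode="monitor")
    print(gw.inspect("alice", "Please charge 4111 1111 1111 1111 today"))
    print(gw.inspect("bob", "Tracking id 1234 5678 9012 3456"))
    print(gw.saved_copies)
```

The second sample message contains a 16-digit run that fails the Luhn check, so it passes through without an incident record.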
DCAP – Data-Centric Audit and Protection
These data privacy protections know where sensitive data is stored, define data governance policies in a business context, protect data from unauthorized access or use, and monitor and audit data to ensure that there is no deviation from normal behavior. Despite its new approach of protecting the data itself rather than the perimeter, this class of solution has not found much popularity.
CASB – Cloud Access Security Broker
A tool for monitoring cloud applications, resources and services. It controls how communication between cloud applications and the outside world takes place, using proxy and/or API mode. CASB systems can be deployed in both on-premises and cloud environments.